{"vulnerability": "cve-2026-33137", "sightings": [{"uuid": "9714ae60-439e-45df-8ea4-6a654194df43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33137", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116611745692718467", "content": "\ud83d\udea8 CRITICAL: CVE-2026-33137 impacts XWiki Platform (<16.10.17, <17.4.9, <17.10.3, <18.1.0-rc-1). Unauthenticated users can create/modify documents via missing auth on POST /wikis/{wikiName}. Patch now! https://radar.offseq.com/threat/cve-2026-33137-cwe-862-missing-authorization-in-xw-b0399ab5 #OffSeq #XWiki #CVE #Infosec", "creation_timestamp": "2026-05-21T09:00:30.436877Z"}, {"uuid": "20a99b70-d1fa-4479-aa01-6644cbbfd094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33137", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mme2mjftr32c", "content": "CRITICAL: XWiki Platform flaw (CVE-2026-33137) lets unauthenticated users modify content via POST /wikis/{wikiName} \u2014 patch to 16.10.17, 17.4.9, 17.10.3, or 18.1.0-rc-1 ASAP! \u26a0\ufe0f https://radar.offseq.com/threat/cve-2026-33137-cwe-862-missing-authorization-in-xw-b0399ab5 #OffSeq #XWiki #Vulnerability", "creation_timestamp": "2026-05-21T09:00:33.146641Z"}, {"uuid": "dde5b055-91ff-4145-a4fb-6920225a8172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33137", "type": "seen", "source": "Telegram/u353QQC82id8CE3exVt8JuaCPTA2e4vaac9ku63kUT5lYfk", "content": "", "creation_timestamp": "2026-05-25T19:00:11.000000Z"}, {"uuid": "e66cc095-36b2-4fe4-8949-d62dfa5e252b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33137", "type": "seen", "source": "https://t.me/GithubRedTeam/85870", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-33137\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a portbuster1337\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-25 18:11:19\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nXWiki Platform - CVE-2026-33137 PoC - Unauthenticated XAR Import via REST /wikis/{wikiName}\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-25T19:00:04.000000Z"}, {"uuid": "25d44000-a491-479e-a172-5586188a2b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33137", "type": "seen", "source": "Telegram/DE_8V0W55Lks0xFUNDp9UGyNB0T-CRSwfpeIrdYc5V2Tnj4", "content": "", "creation_timestamp": "2026-05-25T21:00:04.000000Z"}]}